The Sniffer is the only way to find everything on your network, at any protocol level.

The development of The Sniffer was led by Dr. Harry Saal, one of the pioneers in Local Area Networks. In all the time he’s been working with LANs, not once has he encountered one that was running as cleanly or as quickly as it ought to.

Nor did he encounter a protocol analyzer that could inspect every possible trouble spot, and deliver feedback in the same precise language you use. Clearly, a need existed for a comprehensive LAN tester.

Here it is!











The Token-Ring Sniffer’s™ Master Menu. Initiate Data
Capture from the LAN by touching <ENTER> or by
touching function key F10 as suggested by function key
menu along the bottom of the screen. You can select various
data display parameters from the right hand menu
column. Various triggering and filtering combinations are
available during capture, set up by invoking appropriate
master menu selections.

The Capture information display shows the current data 
rate (solid horizontal bar at the bottom), and the peak rate 
reached in this session (shaded bar). Traffic generated by 
each station during the session is shown in the tables at 
the top. 

3 The Sniffer’s three-window data display: a summary view 
of each frame at the top, with each embedded protocol 
summarized; expanded protocol detail translated into 
English in the center window; a hexadecimal dump with 
ASCII/EBCDIC interpretation below—note highlighting 
of the bytes associated with the selected detail item. 

4 The Sniffer's two-viewport, multiple window display for
convenient tracing or comparison of information in different
frames. Note system overhead shown here: multiple
inquiries regarding station EAGLE. The Sniffer is expert
at revealing such inefficiencies.

5 A Summary and Detail examination selectively focused on
higher level SNA protocols.

6 The two-station presentation available in The Sniffer
makes it easy to track command/response situations
(note ‘C’ and ‘R’ in the display), in this case DOS level
SMB frames.





Color display is available only with an external monitor. 


7 A Detail view of an SMB ‘Open File’ command.

The Display/Summary sub-menu of the Ethernet model
of The Sniffer. Persons with good LAN knowledge usually
feel at home with The Sniffer's menu structure after just
a few minutes of experimentation.

The Sniffer's Ethernet/Display/Filters/Protocols selection
sub-menu area—one scrolls up and down in the right
hand column to select the desired protocol filters (there
are still others above and below those shown).


[Screen: Ethernet Display and Filters menus; protocol filter column listing UDP, ICMP, TCP, Telnet, FTP, SMTP, RPC, NFS, MOUNT, YP, PMAP, Domain, Novell NetWare]





Here's a Display/Summary window with an example
of repetitive acknowledgements—not uncommon on
networks we have seen—but often a waste of time
and resources. Use The Sniffer to track down and
eliminate these inefficiencies—get more out of your
network investment.

Illustrating how The Sniffer can look behind the gateway
in an Ethernet environment, by showing addresses
imbedded in higher level protocols.







Get this free demo disk. 


It’s as easy as calling this number. So call now. Once you
watch it on your PC- or AT-compatible screen, you won't
be willing to live without The Sniffer.


1-800-232-5599, Dept. G1 


(From California, call 1-800-227-5445, Dept. G1)


Network General
1296B Lawrence Station Road
Sunnyvale, California 94089
Phone: (408) 734-0464
Fax: (408) 734-1828








